gcleaner | 49f5b830063942a5a52e38a9258e457a97990b08afd3daf68ae8ef944eac1da9 | Triage

Sharing

General

Target

b024a39550e5668bff7fe4d1cacb83c770c7b21d1b5a52bf81acb847c7414031.zip
Size

205KB
Sample

230310-njhvnsdc67
MD5

a42e89764e46d8a04977caa8b43410fe
SHA1

ef554169c4e66a9c3457c8a70a3c68f0c13cac96
SHA256

49f5b830063942a5a52e38a9258e457a97990b08afd3daf68ae8ef944eac1da9
SHA512

0123647bed8c72da90bd657300647b4d3d8d27fa921d31341677aac6efcc01275c8fd78606ec75913c2fd39d5e8d48734d5f97e4f87fda847e6058e16f15b181
SSDEEP

6144:TtoQ7Y5tyFCfiD89aUGZsnTAjOydnaZUB9:BlY5tWDcaUdyMUL

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  b024a39550e5668bff7fe4d1cacb83c770c7b21d1b5a52bf81acb847c7414031.exe
- Size
  
  270KB
- MD5
  
  5c82f9d43748af8b52b4d11ea71cb323
- SHA1
  
  51ecf6fc4f4e13f1a7634ae2e09b0ef3549a5be1
- SHA256
  
  b024a39550e5668bff7fe4d1cacb83c770c7b21d1b5a52bf81acb847c7414031
- SHA512
  
  a239232cc62cafc258ea1617b5a0364cf4d7f12b95e277cb486136f50d3666948923581c48e7762789d2c32941a225a9d55184d0cee311e84d320d57e16e42eb
- SSDEEP
  
  6144:Bpr91XKOC5bWr/gvbh4XcqXft+hCmaX/uqt:BTxjC5bIIvbeVvtAZuG
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2